[jboss-jira] [JBoss JIRA] (WFCORE-3044) Remoting connection sharing causes authentication failures - DIGEST SASL mechanism

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jul 7 12:31:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-3044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFCORE-3044.
--------------------------------------
    Fix Version/s: 3.0.0.Beta29
       Resolution: Done


> Remoting connection sharing causes authentication failures - DIGEST SASL mechanism
> ----------------------------------------------------------------------------------
>
>                 Key: WFCORE-3044
>                 URL: https://issues.jboss.org/browse/WFCORE-3044
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Remoting, Security
>            Reporter: Josef Cacek
>            Assignee: David Lloyd
>            Priority: Blocker
>             Fix For: 3.0.0.Beta29
>
>
> Server rejects DIGEST SASL authentication in some cases when an existing remoting connection is reused. It seems the protocol name is not updated or matched correctly. The root cause of the problem is moreover hidden due to JBEAP-10953.
> Clients just get:
> {noformat}
> Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication
> 	at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:340)
> 	at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:178)
> 	at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:478)
> 	at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:467)
>         ...
> {noformat}
> The hidden exception stack trace is:
> {noformat}
> javax.security.sasl.SaslException: ELY05088: [DIGEST-MD5] digest-uri "remote+http/doma" not accepted
> 	at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:239)
> 	at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:355)
> 	at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> 	at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:328)
> 	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
> 	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
> 	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
> 	at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthResponse$3(ConnectionImpl.java:273)
> 	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:897)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:748)
> {noformat}
> We hit this problem as an intermittent failure in the AS testsuite.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list